From fa1d527fc4b3e82153e6e77f1a3a329b8b1c33c1 Mon Sep 17 00:00:00 2001
From: nameless-mc
Date: Wed, 21 Jan 2026 18:02:15 +0900
Subject: [PATCH 1/8] chore: fix build workflow
---
 .github/workflows/reusable-build-image.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/reusable-build-image.yaml b/.github/workflows/reusable-build-image.yaml
index bb292ac..ca385ae 100644
--- a/.github/workflows/reusable-build-image.yaml
+++ b/.github/workflows/reusable-build-image.yaml
@@ -38,8 +38,7 @@ jobs:
 - name: Build and push Docker image
 uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
 with:
- context: .
- file: ./docker/Dockerfile
+ context: ./docker
 provenance: false
 # Build for both amd64 and arm64
 platforms: "linux/amd64,linux/arm64"
From 1a8c61d86763edad8f787bc7f7bdf147c6e847a7 Mon Sep 17 00:00:00 2001
From: nameless-mc
Date: Wed, 21 Jan 2026 09:38:15 +0000
Subject: [PATCH 2/8] feat: fix process of install brew
---
 docker/Dockerfile | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 277df3b..06c4fb5 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,24 +11,21 @@ RUN apt-get update && \
 procps \
 curl \
 file \
- git \
- sudo && \
+ git && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-# setup sudo user
-ARG SUDO_USER_UID=1001
-ARG SUDO_USER_GID=$SUDO_USER_UID
-ARG SUDO_USERNAME=sudo-user
-RUN echo "Defaults:sudo-user !env_reset" > /etc/sudoers && \
- echo "sudo-user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
- groupadd --gid ${SUDO_USER_GID} ${SUDO_USERNAME} && \
- useradd -s /bin/bash --uid ${SUDO_USER_UID} --gid ${SUDO_USER_GID} -G sudo -m ${SUDO_USERNAME}
-USER ${SUDO_USERNAME}
+# create linuxbrew user for Homebrew installation
+RUN useradd -m -s /bin/bash linuxbrew && \
+ mkdir -p /home/linuxbrew/.linuxbrew && \
+ chown -R linuxbrew:linuxbrew /home/linuxbrew
+
+# install brew as linuxbrew user
+USER linuxbrew
+ENV NONINTERACTIVE=1
+RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
-# install brew
-ARG NONINTERACTIVE=1
-RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/09792a0a1565f62eb8c90f1578a992968c85468c/install.sh)"
+USER root
 FROM debian:bookworm-slim AS dev-container
@@ -71,10 +68,13 @@ ENV MISE_CONFIG_DIR="/mise"
 ENV MISE_CACHE_DIR="/mise/cache"
 ENV MISE_INSTALL_PATH="/usr/local/bin/mise"
+RUN mkdir -p /home/linuxbrew && \
+ chown -R ${USER_UID}:${USER_GID} /home/linuxbrew
+
 USER ${USERNAME}
 # setup brew
-COPY --from=install-brew /home/linuxbrew/.linuxbrew /home/linuxbrew/.linuxbrew
+COPY --from=install-brew --chown=${USER_UID}:${USER_GID} /home/linuxbrew/.linuxbrew /home/linuxbrew/.linuxbrew
 COPY Brewfile ${HOME_DIR}/Brewfile
 RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
 brew bundle --file=${HOME_DIR}/Brewfile && \
From e790bf39a051420e253c2cc0e131053ab64808de Mon Sep 17 00:00:00 2001
From: nameless-mc
Date: Wed, 21 Jan 2026 09:40:00 +0000
Subject: [PATCH 3/8] chore: add git config
---
 scripts/post-create.sh | 1 +
 1 file changed, 1 insertion(+)
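Review bot: In PATCH 2/8's first docker/Dockerfile hunk the installer URL changes from the pinned commit `09792a0a1565f62eb8c90f1578a992968c85468c` to `HEAD`, so the `install-brew` stage executes whatever script that ref holds at build time and two builds of the same commit can differ. Keep the commit-pinned URL on the new `RUN` line; PATCH 5/8 later in this series restores it, so squashing the two would avoid leaving an unpinned build in history. The same hunk turns `NONINTERACTIVE` from `ARG` into `ENV` although it is only needed while the installer runs; `ARG NONINTERACTIVE=1` keeps it out of the stage's environment.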
diff --git a/scripts/post-create.sh b/scripts/post-create.sh
index 1e046cf..3c7c533 100755
--- a/scripts/post-create.sh
+++ b/scripts/post-create.sh
@@ -2,6 +2,7 @@
 # remove ssh program settings for host env
 git config --global --unset gpg.ssh.program || true
+git config --global --add safe.directory /workspace
 # install project-specific tools from workspace mise.toml
 mise install --yes
From b3918bfe9f563dfc7b56acab57dea5cda0a4cf9a Mon Sep 17 00:00:00 2001
From: nameless-mc
Date: Wed, 21 Jan 2026 09:48:27 +0000
Subject: [PATCH 4/8] chore: use cache in build image workflow
---
 .github/workflows/reusable-build-image.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/reusable-build-image.yaml b/.github/workflows/reusable-build-image.yaml
index ca385ae..003740e 100644
--- a/.github/workflows/reusable-build-image.yaml
+++ b/.github/workflows/reusable-build-image.yaml
@@ -44,5 +44,7 @@ jobs:
 platforms: "linux/amd64,linux/arm64"
 push: ${{ inputs.push }}
 tags: ${{ inputs.tags }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
 env:
 DOCKER_BUILD_SUMMARY: false
From 8a37d7c82544d98cfdff541a39f9a7ed762f17cb Mon Sep 17 00:00:00 2001
From: nameless-mc
Date: Wed, 21 Jan 2026 09:56:15 +0000
Subject: [PATCH 5/8] chore: fix brew version
---
 docker/Dockerfile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 06c4fb5..8a4d26e 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -22,10 +22,8 @@ RUN useradd -m -s /bin/bash linuxbrew && \
 # install brew as linuxbrew user
 USER linuxbrew
-ENV NONINTERACTIVE=1
-RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
-
-USER root
+ARG NONINTERACTIVE=1
+RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/09792a0a1565f62eb8c90f1578a992968c85468c/install.sh)"
 FROM debian:bookworm-slim AS dev-container
From 9bcda83694819b5a9fa90483f85601482fd6a617 Mon Sep 17 00:00:00 2001
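Review bot: PATCH 3/8 adds `git config --global --add safe.directory /workspace` to scripts/post-create.sh without a comment, and that line turns off git's ownership check for the path, so repository-local config and hooks under /workspace are honoured whoever owns the files. A comment stating the reason would help, for example `# /workspace may be owned by a different uid than the container user; trust this one path only, never '*'`; the reason is presumably a host bind mount, which the hunk does not show. Because `--add` appends on every run, a guard such as `git config --global --get-all safe.directory | grep -qx /workspace || git config --global --add safe.directory /workspace` keeps the global config from collecting duplicates if the script runs again.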
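Review bot: In PATCH 5/8 the restored line `RUN /bin/bash -c "$(curl -fsSL …)"` discards curl's exit status, because the download happens inside a command substitution: a failed fetch hands bash an empty or truncated script and the step can still succeed. Fetching to a file first makes the failure stop the build, e.g. `RUN curl -fsSL <pinned install.sh URL> -o /tmp/install.sh && /bin/bash /tmp/install.sh && rm /tmp/install.sh`, and gives a place to compare the file against a recorded SHA-256 before it runs. The commit pin in the URL is the right choice and should stay.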
From: nameless-mc
Date: Thu, 22 Jan 2026 10:48:03 +0900
Subject: [PATCH 6/8] chore: add GITHUB_TOKEN
---
 .github/workflows/reusable-build-image.yaml | 2 ++
 docker/Dockerfile | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/reusable-build-image.yaml b/.github/workflows/reusable-build-image.yaml
index 003740e..86126b1 100644
--- a/.github/workflows/reusable-build-image.yaml
+++ b/.github/workflows/reusable-build-image.yaml
@@ -46,5 +46,7 @@ jobs:
 tags: ${{ inputs.tags }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ secrets: |
+ github_token=${{ secrets.GITHUB_TOKEN }}
 env:
 DOCKER_BUILD_SUMMARY: false
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 8a4d26e..db5754c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -81,7 +81,8 @@ RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
 rm -rf ${HOME_DIR}/Brewfile
 # install baseline tools from /mise/config.toml
-RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN \
+ eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
 mise install --yes
 ARG PNPM_HOME="${HOME_DIR}/.local/share/pnpm"
From 6785198f6b7ae0ae4a8532f3a23727444808a5c1 Mon Sep 17 00:00:00 2001
From: nameless-mc
Date: Thu, 22 Jan 2026 13:19:30 +0900
Subject: [PATCH 7/8] chore: test brew install
---
 docker/Dockerfile | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index db5754c..872837c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
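Review bot: The `github_token=${{ secrets.GITHUB_TOKEN }}` line in PATCH 6/8's workflow hunk forwards the job token with whatever `permissions:` this job ends up with, and the docker/Dockerfile hunk of the same patch exposes it as `GITHUB_TOKEN` in the environment of `mise install --yes`, where every installer or plugin that step launches can read it. The job's `permissions:` block is outside the hunk; if it grants write scopes such as `packages: write` for the image push, pass a separate read-only token to the build instead of the job token. A comment above `secrets:` along the lines of `# read-only use: lets mise call the GitHub API during the image build` would record why the build needs it; that purpose is inferred, not shown.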
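Review bot: `RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN` in PATCH 6/8 relies on the `env=` option of secret mounts, which needs Dockerfile frontend 1.10 or newer; the top of the Dockerfile is outside the hunk, so confirm it starts with `# syntax=docker/dockerfile:1` or that every builder used for this image ships a recent enough frontend. The mount is not marked `required`, so a build without the secret runs `mise install --yes` with no token; if that is intended, a comment such as `# token is optional; builds without it fall back to unauthenticated GitHub API calls` would say so. The secret mount keeps the value out of the image layers, which is the right mechanism here.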
@@ -73,12 +73,23 @@ USER ${USERNAME}
 # setup brew
 COPY --from=install-brew --chown=${USER_UID}:${USER_GID} /home/linuxbrew/.linuxbrew /home/linuxbrew/.linuxbrew
-COPY Brewfile ${HOME_DIR}/Brewfile
+
+# install mise
+RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+ brew install mise
+
+# install vim
+RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+ brew install vim
+
+# install claude-code
+RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+ brew install --cask claude-code
+
+# cleanup brew
 RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
- brew bundle --file=${HOME_DIR}/Brewfile && \
 brew cleanup -s && \
- rm -rf $(brew --cache) && \
- rm -rf ${HOME_DIR}/Brewfile
+ rm -rf $(brew --cache)
 # install baseline tools from /mise/config.toml
 RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN \
From 80f023e0586efd593fd0be7da37ee504f7df0eca Mon Sep 17 00:00:00 2001
From: nameless-mc
Date: Thu, 22 Jan 2026 15:17:28 +0900
Subject: [PATCH 8/8] chore: install vim using apt
---
 docker/Brewfile | 1 -
 docker/Dockerfile | 5 +----
 2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/docker/Brewfile b/docker/Brewfile
index 6ae9b28..d95b026 100644
--- a/docker/Brewfile
+++ b/docker/Brewfile
@@ -1,3 +1,2 @@
 brew 'mise'
-brew 'vim'
 cask 'claude-code'
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 872837c..16cffc3 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -40,6 +40,7 @@ RUN apt-get update && \
 ssh-client \
 procps \
 gnupg \
+ vim \
 zsh && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -78,10 +79,6 @@ COPY --from=install-brew --chown=${USER_UID}:${USER_GID} /home/linuxbrew/.linuxb
 RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
 brew install mise
-# install vim
-RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
- brew install vim
-
 # install claude-code
 RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
 brew install --cask claude-code
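Review bot: The new `# cleanup brew` step in PATCH 7/8 runs `brew cleanup -s` and `rm -rf $(brew --cache)` in its own `RUN`, after three separate `brew install` layers, so whatever those layers downloaded and cached stays in the image and the later layer only hides it. Install and clean up in one `RUN` as below (drop the `vim` line once PATCH 8/8 moves it to apt). The packages are also installed without versions, and with `COPY Brewfile` and `brew bundle` removed nothing in the visible hunks still reads docker/Brewfile, which PATCH 8/8 keeps editing; either restore `brew bundle` or delete the file so the package list has a single reviewed source.

```dockerfile
# install brew packages and clean up in the same layer
RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
    brew install mise && \
    brew install vim && \
    brew install --cask claude-code && \
    brew cleanup -s && \
    rm -rf $(brew --cache)
```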